There are provided systems and methods for an authorization and access control system for access rights using relationship graphs. A service provider may provide an authorization and access control system that allows users within the service provider and/or customer entities to assign and change access rights or permissions to computing resources. When providing control of these access rights, the service provider may utilize relationship graphs, queried and generated using a graph database, to visualize and determine access rights that are inherited through different relationships and policies defining these access rights. The relationship graph may show edges for nodes that correspond to related objects, such as actors, groups, and resources. Paths over the relationship graph may be used to determine access rights that may be inherited by users. Once determined, these access rights may be established and/or updated with computing systems.
Legal claims defining the scope of protection, as filed with the USPTO.
3. The service provider system of claim 2, wherein each of the linked connections comprises at least one vector direction identifying at least one of membership relationships in the group vertices, or access relationships between the actor vertices, the group vertices, and the resource vertices.
4. The service provider system of claim 2, wherein the relationship graph is restructured at each subsequent query to the graph database for the relationship graph.
5. The service provider system of claim 2, wherein the actor vertices, the group vertices, and the resource vertices in the relationship graph are represented by URNs comprising universally unique identifiers (UUIDs) that do not need to be resolved using at least one of a network address, a virtual address, or personally identifiable information.
6. The service provider system of claim 2, wherein the actor vertices, the group vertices, the resource vertices, and the connections are determined based on policies for the user using at least one of a base node vertex for the user, the actor vertices, the group vertices, or the resource vertices.
7. The service provider system of claim 1, wherein the graph database comprises an Arango database and the graph query language comprises an AQL query language.
8. The service provider system of claim 1, wherein the access rights comprise one or more of a data access permission, a spend permission, an administrative permission, a system authentication permission, or a spend velocity permission.
10. The service provider system of claim 1, wherein each of the access rights is defined as a URN string, and wherein a set of the access rights correspond to a set of permissions for the user.
13. The method of claim 12, wherein each of the linked connections comprises at least one vector direction identifying at least one of membership relationships in the group vertices, or access relationships between the actor vertices, the group vertices, and the resource vertices.
14. The method of claim 12, wherein the relationship graph is restructured at each subsequent query to the graph database for the relationship graph.
15. The method of claim 12, wherein the actor vertices, the group vertices, and the resource vertices in the relationship graph are represented by URNs comprising universally unique identifiers (UUIDs) that do not need to be resolved using at least one of a network address, a virtual address, or personally identifiable information.
16. The method of claim 12, wherein the actor vertices, the group vertices, the resource vertices, and the connections are determined based on policies for the user using at least one of a base node vertex for the user, the actor vertices, the group vertices, or the resource vertices.
17. The method of claim 11, wherein the graph database comprises an Arango database and the graph query language comprises an AQL query language.
18. The method of claim 11, wherein the access rights comprise one or more of a data access permission, a spend permission, an administrative permission, a system authentication permission, or a spend velocity permission.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
December 29, 2021
August 20, 2024
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.